KB is Hiring. Are you Looking?

kbhiring

Kenton Brothers is hiring! We’re looking to fill two positions.
The first is a Commercial Burglary/Fire Technician. If you have experience in commercial security, please apply to join us at KB!
The second is for a Warehouse Inventory Control Clerk. Consider working with our awesome team if you have an interest in shipping and receiving and inventory management.
Both jobs are linked in this post to our ads on Zip Recruiter.
You can apply on ZipRecruiter or email your resume to Amy at
amys@kentonbrothers.com

Commercial Burglary/Fire Technician

Warehouse Inventory Control Clerk

Cluster Mailboxes for Your Community

af-florence__1_

 

Cluster mailboxes originated with the United States Postal Service (USPS) desire to move away from individual mailboxes at each postal address to a centralized cluster of mailboxes that served many individual addresses.   Making this switch helps postal carriers and provides major benefits to the USPS.

  1. Cluster mailboxes allow postal carriers to make fewer stops, which means lower operating costs for each mail carrier’s vehicle.
  2. Cluster mailboxes provide faster overall service since multiple deliveries per stop is far more efficient than one delivery per stop.
  3. The change to cluster mailboxes results in far less dog bites (seriously) per mail carrier as the carrier no longer has to enter yards or fences to deliver the mail.

 

The change to centralized CBU mailboxes not only provides the above benefits to USPS and its postal carriers, but there are benefits to property developers and property managers, too.

  1. The utilization of CBU mailboxes provides significant cost savings over individual mailboxes for each tenant or resident.
  2. CBU mailboxes provide a much more secure solution to mail delivery for tenants by significantly reducing mail theft and identity theft. Safe mail and package delivery enhances the overall safety of the property under management.
  3. The overall aesthetics of the neighborhood or tenant property can be significantly improved due to the elimination of non-uniform or damaged individual mailboxes.

 

In addition to the benefits to the USPS and property developers or managers, CBU mailboxes or cluster mailboxes also have benefits to the end users, the residents or tenants themselves:

  1. The utilization of cluster mailboxes means that tenants or homeowners no longer have to wait at home or at the office for the mail in order to receive a parcel package.
  2. The use of cluster mailboxes allows tenants or homeowners to avoid trips to the post office or collection boxes by simply placing outgoing mail in the cluster mailbox’s outgoing mail slot.
  3. The mail received in cluster mailboxes is much better protected from the elements, thieves, and tampering than through standard, unprotected individual mailboxes.
  4. The cost savings to the USPS from the use of cluster mailboxes help sustain lower costs to the end user.

 

Call us at Kenton Brothers today to learn more about our high-quality Florence cluster mailboxes.

Don’t know about Triflow?

Triflow

Don’t know about Triflow?? You need to know! Come on in and we will tell you the story.

The Security of Your Security System

The Security of Your Security System

by Brian Carle

security-265130_960_720Ironically, not much attention has been paid to the security of most security systems. Anecdotal reports of video security deployments seem to indicate that more often than not, passwords are left at defaults, default accounts are left enabled, firewalls are not configured, and other best practices of proper information security are commonly not adhered to.

In the past two years several high profile data breaches, namely the Target data breach in 2014, have put greater focus on the data security of all network connected devices. More recently, prominent video security brands have had significant vulnerabilities exposed that could allow for malicious network attacks for organizations that have deployed the affected equipment.

Although attention is paid when a corporation suffers a major data breach, or a product vendor has an unintended vulnerability exposed, many “everyday” security deployments would benefit greatly from some basic IT best practices for securing network connected systems.

Default Passwords

Without question, changing default passwords on network connected devices should be standard practice. Although this practice should be in place for all network connected devices, in video security often camera passwords for default user accounts are not altered. Some camera vendors force a password to be set for the administrative account when first logging into the web interface, but if installers connect the cameras to the corresponding NVR without ever using the web interface, this step could be overlooked. Creating passwords that are difficult to guess may involve incorporating special characters, numbers and capitalization.

To take password security to the next level, use different passwords for all devices. It is quite common for all cameras to share the same password, even if the password has been changed from its default. In the event the new password becomes known to unauthorized individuals, all the camera devices become compromised.

Some organizations will go as far as removing default user accounts, so accounts can be created in their place without the default usernames. This is typically an effort to reduce the possibility of ‘brute force’ attacks, where combinations of passwords are attempted on a known user name. Not all video security products support this capability so if policy dictates this level of configuration, verify products support this function.

Locking Down Unused Services and Ports

server sphereCameras and NVRs often ship with all features and methods of access turned on by default. Once deployed, only subsets of these functions are ever used.

Leaving unused features and protocols turned on, exposes the camera and NVRs to methods of access that are not intended, and no additional system functionality is gained by leaving these settings turned on. Using a software firewall on an NVR and turning off unused services should be considered part of the basic configuration when deploying systems.

Some examples of services and protocols which should be turned off in most deployments include FTP, SSH or telnet, remote desktop, file sharing, UPnP and other discovery methods (after setup).

Network Segmentation and 802.1X

Deploying IP cameras means access to switch ports will be exposed in public locations. It’s possible a camera enclosure could be opened to access the network cable connecting the camera to the internal network, providing relatively easy physical access to other networked systems. This is particularly a concern for cameras mounted outdoors, on a rooftop or in a parking lot, because network access is available outside the physical protection of the building.

A first step to protecting unauthorized physical access to the network is to connect cameras to a switch that is not physically connected to the organization’s main computer network. This is commonly done by using an NVR with two or more network ports. One network port of the NVR connects to the camera-only network and the other side connects to the main network, allowing access to the video feeds. VLAN configuration can be used to segment ports on the same physical switch which prevents direct communication with other devices on that switch that are not defined as part of the VLAN, providing the same end result.

Some cameras and network switches offer 802.1X, which is a network switch level authentication protocol. In short, this functionality ensures only the device authorized to connect to a particular switch port is able to. If another device is plugged into an 802.1X protected switch port, it will not be able to communicate on the network. For deployments where cameras are located outside a building or in publically accessible locations, 802.1X capable switches and cameras should be strongly considered.

Encrypted Communications

Encryption of communications is what most people think of first on the topic of security. Using a network sniffing tool, account credentials and data can be recorded by an unauthorized device. Without encryption, captured data can be easily used by someone other than the intended recipient.

It is more common for encrypted communications to be considered for data being transmitted over a public network, such as the internet, however more network security professionals consider it necessary for internal network communications to prevent security breaches by unauthorized employees and contractors with network access.

Ongoing Patching and Management

Devices marketed as an “Appliance”, which may apply to an NVR or an IP camera, may not get the same level of IT attention that a standard Windows workstation or server deployment would, potentially leading to systems with known security vulnerabilities connected to the network. Some organizations have policies that require various departments to pay IT for support of newly connected Windows systems, or there may be a policy preference against using systems with a full Windows deployment in favor of ‘appliance’ devices due to a perception of reduced need for software updating and patching.

This is generally a mistaken perception. Devices marketed as ‘appliances’ are still running operating systems, generally Windows Embedded or Linux, and still connected to the network. An older version of an operating system on an appliance could present a security risk in the same way an unpatched and unsecured Windows computer would.

When considering an ‘Appliance’ best practice would dictate verifying the underlying Operating System used, the version and patch level of the OS. Also, ask the vendor how OS security issues are resolved when vulnerabilities are uncovered. A delay between a known OS vulnerability and the corresponding patch becoming available for the appliance should cause concern.

Post Installation Auditing

Consumers that are concerned over the configuration of deployed systems should consider third party or internal security auditing following the installation of a video security system. Adding this procedure is a simple and effective way to validate the installation is configured according to security policies and meets a minimum standard of security hardening.

Free scanning tools, such as Nmap, can be used to generate reports on what ports are open on a network connected device, providing for simple and fast verification of whether unused protocols are enabled. In addition, verifying password strength and other configuration mentioned herein should provide a basic means of validation system security post-installation.

When valuable data is compromised, there are significant risks to any organization. In the case of data belonging to a third party or a customer, the cost of the associated legal liability can be huge. Furthermore, the impact to an organization’s brand can have lasting consequences. Having a strong set of security best practices will minimize these risks and can differentiate integrators who educate consumers on the risks and technologies.

 

Originally posted by Brian Carle in the February 2016 issue of Security Today magazine.  As Director of Product Strategy for Salient Systems, Brian manages Salient’s CompleteView Video Management Software and CompleteView Cloud VSaaS product lines. Brian has over 13 years of experience working with network cameras and video management products. Prior to his current position, Brian worked for Axis Communications as ADP Program Manager, Technical Trainer & Sr. Sales Engineer.